News

Joomla! Developer Network - Security News

Joomla! - the dynamic portal engine and content management system
  • [20120202] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Moderate
    • Versions: 1.7.4 and all earlier 1.7.x versions
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-06
    • Fixed Date: 2012-February-02

    Description

    On some servers the error log could be read by unauthorised users.

    Affected Installs

    Joomla! version 1.7.4 and all earlier 1.7.x versions

    Solution

    Upgrade to version 2.5.1 or 1.7.5 or higher

    Reported by Alain Rivest

    Contact

    The JSST at the Joomla! Security Center.



  • [20120203] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.0 and 1.7.0 - 1.7.4
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-29
    • Fixed Date: 2012-February-02

    Description

    Inadequate validation leads to path disclosure in administrator.

    Affected Installs

    Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

    Solution

    Upgrade to version 2.5.1 or 1.7.5 or higher

    Reported by Jakub Galczyk

    Contact

    The JSST at the Joomla! Security Center.



  • [20120201] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 2.5.0 and 1.7.0 - 1.7.4
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-29
    • Fixed Date: 2012-February-02

    Description

    Inadequate validation leads to information disclosure in administrator.

    Affected Installs

    Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

    Solution

    Upgrade to version 1.7.5 or 2.5.1 or higher

    Reported by Jakub Galczyk

    Contact

    The JSST at the Joomla! Security Center.



  • [20120103] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
    • Exploit type: Information Disclosure
    • Reported Date: 2011-December-19
    • Fixed Date: 2012-January-24

    Description

    Inadequate filtering leads to information disclosure.

    Affected Installs

    Joomla! version 1.7.3 and all earlier versions

    Solution

    Upgrade to version 1.7.4 or 2.5.0 or higher

    Reported by Jean-Marie Simonet

    Contact

    The JSST at the Joomla! Security Center.



  • [20120101] - Core - Information Disclosure
    • Project: Joomla!
    • SubProject: All
    • Severity: Low
    • Versions: 1.7.3 and all earlier 1.7 and 1.6 versions
    • Exploit type: Information Disclosure
    • Reported Date: 2012-January-07
    • Fixed Date: 2012-January-24

    Description

    Inadequate filtering leads to information disclosure.

    Affected Installs

    Joomla! version 1.7.3 and all earlier versions

    Solution

    Upgrade to version 1.7.4 or 2.5.0 or higher

    Reported by Cyrille Barthelemy

    Contact

    The JSST at the Joomla! Security Center.



 

Austin Address

111 Congress, Suite 400
Austin, TX 78701
Austin Phone #: 512-300-3111
Austin Fax: 512-681-4479

Dallas Address

6440 North Central Expressway
Suite 810
Dallas, TX 75206
Dallas Phone#: 469-422-0188
Dallas Fax: 888-713-4308

Houston Address

Kimmons Investigative Services, Inc.
5906 Dolores, Suite 225, Houston, Tx. 77057
Phone # 713-532-5881
Fax # 713-266-4002
State Licensed for over 30 years